Vulnerabilities > Midicart Software > Midicart PHP Shopping Cart
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-08-17 | CVE-2005-2601 | SQL Injection vulnerability in MidiCart ASP Item_Show.ASP Code_No Parameter SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | 7.5 |
2005-05-11 | CVE-2005-1503 | SQL Injection vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php. | 7.5 |
2005-05-11 | CVE-2005-1502 | Cross-Site Scripting vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php. network midicart-software | 6.8 |
2005-05-11 | CVE-2005-1501 | Information Disclosure vulnerability in MidiCart PHP Shopping Cart MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message. | 7.5 |